Received: by 2002:a17:90a:9307:0:0:0:0 with SMTP id p7csp3960112pjo; Tue, 3 Mar 2020 10:07:25 -0800 (PST) X-Google-Smtp-Source: ADFU+vujpNM8s9O+UBwWbke+nUiVaW7zDS1tXMLIMvlxds/pF61V50GcTqCv+XKpqSASIA+pctiq X-Received: by 2002:a05:6808:10b:: with SMTP id b11mr3412823oie.110.1583258845433; Tue, 03 Mar 2020 10:07:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583258845; cv=none; d=google.com; s=arc-20160816; b=Cf/LVUp6g/1XStbP4p225vxsXT+eMd9Y3zha8KoufVTCXdIC88LsvgDBx608NJj/bc doV3w0CmIB/Z/hEOFjdNfSneBgJXeUStuRpN1dFj7eCt8c67fa/26NHLKCKi9PaxZnEK LKPt9304M+cf9OfxPiSCdgFbG8czDP8WQqqk9VWhDv8yLnoWNm8YilSMQyZvhlQY7BAB 6AHlWivJvz8OloyOSIoFUKp8qslZsIUPAk5x630lbXQAwq10/fWUS/SQpGb7Ge1DHLHi ozacp55eGEGq6RyQ65q4DpV/F5Ygfeqbz56zDaOB9oVQO9wm/E98S/IKzD8HlWbcitp8 E4QQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=T/gOXyeSdYiHOIBTDvPwv+7tvHlE6dcjG7xITEl33i0=; b=zdvBnsswL5vA1ZDUJiE1+BAi8/Qx8eZ5BnW3zsEV1tf3GiuA75g7aDAOP80VzYqNRw vccD17Mk4c7RO5Iyn08gWgg3LsLXWJuSibFj5x3vOMy3u7aQck72wczH4TveihpfVzGz HUhAOIgviUo8UluKi5xaFTan6wcAmTNCcabyTzxffThtz1kq0SuMaZHC0YdvmYDSDv1m 1/ZpALWC7xajXDhLA2gBy41sM1DZpLSGPauRI/YWmbWAsMM9BYfMfSBG7L+mhOp6W7mk EkeYuZj4n7xiwBQTVmpzv/MOGTVS57r9VpCn7UAUzOiZ7hvNocyE059g4SLB97nMiToJ 6i0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ILKth2RM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w33si947601otb.48.2020.03.03.10.07.13; Tue, 03 Mar 2020 10:07:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ILKth2RM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732927AbgCCR4h (ORCPT + 99 others); Tue, 3 Mar 2020 12:56:37 -0500 Received: from mail.kernel.org ([198.145.29.99]:38848 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732913AbgCCR4f (ORCPT ); Tue, 3 Mar 2020 12:56:35 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 69B1C20728; Tue, 3 Mar 2020 17:56:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1583258194; bh=MHH9f6Sl1J/Q2oNgbCemXFSvYVS6iwJBMMPs+2grVhE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ILKth2RM+mUEkFyLomseSLe1kGNwWXGLZ1bE3ir4PRc5yHg1kdPnFG5nPdnTBxOTo smzO+20D1/gWQuDGsoUpe1eGcuVwhllUFnmA7VM9v/EQtnLaXFyCFLpgZ2WHAx5URr ZCins7hMafzhtw6/uVL4ULJZ5ztjSq7E/Byib3/E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+6a86565c74ebe30aea18@syzkaller.appspotmail.com, Jozsef Kadlecsik Subject: [PATCH 5.4 090/152] netfilter: ipset: Fix forceadd evaluation path Date: Tue, 3 Mar 2020 18:43:08 +0100 Message-Id: <20200303174312.803632057@linuxfoundation.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200303174302.523080016@linuxfoundation.org> References: <20200303174302.523080016@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jozsef Kadlecsik commit 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 upstream. When the forceadd option is enabled, the hash:* types should find and replace the first entry in the bucket with the new one if there are no reuseable (deleted or timed out) entries. However, the position index was just not set to zero and remained the invalid -1 if there were no reuseable entries. Reported-by: syzbot+6a86565c74ebe30aea18@syzkaller.appspotmail.com Fixes: 23c42a403a9c ("netfilter: ipset: Introduction of new commands and protocol version 7") Signed-off-by: Jozsef Kadlecsik Signed-off-by: Greg Kroah-Hartman --- net/netfilter/ipset/ip_set_hash_gen.h | 2 ++ 1 file changed, 2 insertions(+) --- a/net/netfilter/ipset/ip_set_hash_gen.h +++ b/net/netfilter/ipset/ip_set_hash_gen.h @@ -931,6 +931,8 @@ mtype_add(struct ip_set *set, void *valu } } if (reuse || forceadd) { + if (j == -1) + j = 0; data = ahash_data(n, j, set->dsize); if (!deleted) { #ifdef IP_SET_HASH_WITH_NETS